Protecting people’s money, and their data

May 2019 Editor's Choice, Integrated Solutions, Financial (Industry)

The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without. They also have a responsibility to protect their customers and their data from unauthorised access, and since bank branches are essentially businesses they are seeking ways to improve the customer experience in similar ways to the retail sector.

Addressing all these concerns requires a highly integrated approach that uses the cutting-edge of security technologies across the board. We asked IDEMIA, Cathexis Africa and CA Southern Africa how their companies’ particular areas of expertise are being leveraged in the financial sector.

Nicolas Garcia.
Nicolas Garcia.

“In recent years we have seen a significant shift amongst the world’s largest financial institutions, toward frictionless biometric technology, which is driven by several key factors,” comments Nicolas Garcia, regional director of sales at IDEMIA SA. These factors include security standards compliance and resultant audit pressures which have increased dramatically around the globe in recent years (for both physical and logical security). This has been driven in part by the large number of high-profile insider and outsider breaches/attacks seen in the past five years.

What’s more, the world’s major financial institutions are competing for both the best customers and the best employees. They are always looking for ways to attract top talent, and are focusing heavily on workplaces that are high-tech, safe, and attractive to employees. Also, the access control technology is highly visible to any visitor entering the lobby, and plays a significant role in reinforcing the message of how serious the bank is about security.

There is a need within these entities to securely manage very large workforces, often exceeding 200 000 or 300 000 employees globally. “These employees are of course spread across many sites, but in most large corporate locations there is a need to ensure that tens of thousands of employees can securely access the buildings efficiently at peak times. For example in major cities or at campuses, employees usually arrive in waves during peak hours as they utilise public transport such as subway trains or shuttles. This puts a concentrated throughput demand on the system during these times,” says Garcia.

Another challenge faced by large institutions is the sheer variety of building types and locations in which the access control technology needs to operate. Large organisations need to standardise as much as possible in order to have the best control over their systems, and over costs. The variability, not only from site to site, location (indoors/outdoors) but also by time of day or even by season, has meant that contact fingerprint technology was the most widely adopted solution in the past, due to its immunity to most of these external factors.

Contactless biometrics

“Changing the environment or trying to compete with nature to make a system work is extremely costly, and rarely works, which is why so many facial and iris-based systems have had much more limited adoption in true access control applications,” Garcia continues. “With recent advances in 3D imaging technology, algorithms and processing power, it has become possible to capture more biometric data, more accurately, and without physical contact. The more biometric information you have to analyse, the more accurately you can tune the system for high-assurance matching.”

These gains have become most readily applicable to touchless/contactless fingerprint technology. Since every single fingerprint is unique, by simply waving one’s hand over a sensor, four unique credentials can essentially be tied to one human being, i.e., each of the four fingers, omitting the thumb due to its relative orientation compared to the four fingers. Scanning these fingers in 3D and without contact means more information can be analysed from each finger, without the concerns of hygiene or people having wet or dry fingers, or touching the sensor too softly or too hard.

“Being able to do all of this in even less time, and with less effort than traditional contact biometric systems, has catapulted this technology into the mainstream,” says Garcia. “IDEMIA pioneered the concept of frictionless biometrics over 10 years ago with the first generation of the technology now known as MorphoWave. The intense R&D and field testing over the past decade make this technology fully viable in the real world. As a result, MorphoWave is the most used touchless biometric technology for high-throughput, secure access in the financial sector, including an impressive array of the most recognisable banking and credit brands on the Fortune 500 list.”

Augmented identity

In the workplace, the same frictionless technology regularly extends to time and attendance, cafeteria payments, gym access, parking and other services. This feeds into IDEMIA’s ‘augmented identity’ concept, central to which is the idea that leveraging our identity must be not only a secure process, but also natural and convenient. This extends well beyond traditional access control and security applications into other areas such as eKYC, voting systems, civil ID programmes, border control and passenger facilitation, amongst others.

“IDEMIA’s facial recognition and analytics solutions provide an additional layer of security designed to complement traditional access points by extending the reach of security well beyond the physical doors and barriers. By fusing detection and tracking of persons or objects with accurate facial recognition algorithms, a powerful early warning system and investigative tool provides for much higher ROI (return on investment) of the customer’s existing surveillance infrastructure,” Garcia says. The technology can provide alerts based on any number of watch-lists for a variety of purposes ranging from detecting known bank robbers to identifying VIP customers.

IDEMIA’s biometric technology plays a key role in providing better security to both banks and their customers. Biometrics can be used to verify the identity of a customer when opening a bank account and/or to detect if that same customer has previously existed in the system under a different name. That biometric technology is also integrated into ATMs and branch teller solutions around the world to provide secure authentication of customers.

IDEMIA also offers a secure bank card with embedded fingerprint sensor, known as FCode. This allows a customer to scan their fingerprint directly on their banking card to authorise a transaction, instead of relying on a traditional PIN or signature.

“More major banks and credit providers are now integrating IDEMIA’s biometric technology into the payment experience,” Garcia states. “Secure payments using biometrics bring an important combination of both increased convenience and security at the same time. The expectations of today’s typical banking customer are very different than 10 or 20 years ago.

“Today’s customer grew up with a different level of technology accessibility and most are already completely comfortable using biometrics on their phone for a wide variety of authentication use cases including payments. Today’s customer expects that same capability to extend beyond their phone and into the retail space, whether at a shopping mall, concert or train station.”

Making use of video analytics

Gus Brecher.
Gus Brecher.

Video management software (VMS) specialist, Cathexis Technologies, works with various entities within the financial sector. While its involvement has extended to the likes of institutions like the London Stock Exchange, the biggest component is the banks and their branches, according to Cathexis Africa’s managing director, Gus Brecher.

Integration is a big factor in the banking sector, says Brecher: “We have quite a lot of banking customers and in that sector we do a lot of integration with their fire systems, alarm panels and access control. Depending on the bank, many of them like to have a central monitoring capability, so they’ve got a hybrid scenario where they’ve got distributed recordings on site, a centralised monitoring facility for alarms, and the ability to view and store video off-site on request.”

Over and above access control systems deployed in the back-office areas, Brecher says banks are increasingly making use of video analytics. One way this can be used is to notify a branch manager if someone has entered the customer service area and not been served within a certain period of time, to enable the branch to improve its customer service levels. People counting can also be used to gain more insight into people’s comings and goings.

Analytics algorithms that identify loitering behaviour are also deployed outside banks and at ATMs. “We’ve also done some ATM integration where the standalone ATMs have small recording devices in them which can be correlated with the ATM transactions. However, because of privacy issues addressed by the likes of the PoPI (Protection of Personal Information) Act and GDPR (General Data Protection Regulation), this is typically limited to details like the time and type of a transaction, rather than details about the person performing the transaction,” Brecher says.

Cybersecurity must not be ignored

Gregory Dellas.
Gregory Dellas.

Whether crime is committed with a crowbar or a computer, the number one motivator for an attacker is greed, points out Gregory Dellas, security presales at CA Southern Africa. “It is for this reason that banking and financial institutions face the most persistent threat from the world’s assorted cybercriminals. While data has value and can be breached and sold off, it is the systems that handle the criminal’s true goal – money – that make the best targets,” he states.

According to SABRIC, 16 296 incidents were reported from January 2018 to August 2018 with losses amounting to more than R183 million for the banking industry. This is a 64,3% increase in the number of incidents over the same period in the previous year. On a wider scale, in the PwC 2018 Global Economic Crime and Fraud Survey, South Africa ranked number 1 globally for companies having experienced some form of economic crime, with a whopping 77% of all South African organisations being affected.

The largest increases in the sector were seen in insurance, consumer lending and retail investing. A contributing factor in this trend is the assumption that the established enterprises are the most at risk, when in fact, new entities including cloud-based services and digital banks are also highly targeted. Young organisations seeking to grow quickly and build security later make up the majority of these reported breaches.

Awareness versus alertness

“Awareness of these facts is an important step towards strong security but it is not enough,” Dellas insists. “The attacker is alert, prepared and 100% focused when exploiting systems. The staff of a financial services firm may be security aware but they are acting on routine, are distracted and not anticipating, for example, a potentially fateful social engineering phone call.

“This alertness shortfall can only be overcome with the right tools and a wide safety net strategy. Singapore based DBS bank provides a good case study, where a newly implemented CA Technologies automated identity and access management platform reduced risk of fraud, increased efficiency and improved customer satisfaction.”

Additional layers of defence include tools that manage privileged credentials which are the equivalent of the vault keys in a physical bank. Intelligent risk-based authentication can fill in the alertness gap should attackers gain access to systems or possession of employee credentials; they can be blocked based on thousands of hours of behavioural profiling.

“Many financial institutions are benefiting from benchmarking themselves against peer companies such as DBS. One good industry forum that helps address cybersecurity risk is the Financial Services Information Sharing and Analysis Centre (FS-ISAC). They conduct frequent cyber-range exercises and publish recommendations. Another excellent initiative is the Financial Data Exchange which seeks to create a common standard for data sharing across the financial industry.

“Reaching out to peers and partners familiar with the cutting edge of cybersecurity is an important step in boosting overall security posture. By continually adding additional layers of security, be they tools, processes or collaborative initiatives, best practices will ultimately keep financial institutions safe and secure,” Dellas concludes.

For more information contact:

• CA Southern Africa, +27 11 417 8594, [email protected], www.ca.com/za

• Cathexis Africa, +27 31 240 0800, [email protected], www.cathexisvideo.com

• IDEMIA, +27 11 286 5800, [email protected], www.idemia.com



Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...
Here’s to a SMART 2025
SMART Security Solutions Editor's Choice News & Events
This is the final news brief from SMART Security Solutions for 2024, and the teams would like to take this opportunity to thank our readers, advertisers and partners and wish everyone a safe and secure festive season.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
AI-powered automation for an operational efficiency edge
Editor's Choice AI & Data Analytics IoT & Automation
In the fast-moving world of digital transformation, businesses are under immense pressure to accelerate their operations and adapt quickly to stay competitive in an era dominated by AI and technological advancements.

Read more...
2025 Southern Africa OSPAs entries now open
Technews Publishing Editor's Choice News & Events Training & Education
Entries are now open for the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs). The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, to be recognised and their success to be celebrated.

Read more...
Elvey to distribute Tiandy
Elvey Security Technologies Editor's Choice Surveillance News & Events
Tiandy’s presence in South Africa was boosted in November with the announcement that Elvey Security Technologies will distribute a broad range of Tiandy equipment through its channel partners and provide project assistance.

Read more...
Standards for fire detection
SAQCC (Fire) Editor's Choice Fire & Safety Associations
With the increased number of devastating fires reported throughout South Africa, adequate and suitable fire detection cannot be overstated. SAQCC Fire will publish a series of articles in SMART Security Solutions to provide insight into fire detection requirements and importance.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
The best of local and international
Technoswitch Fire Detection & Suppression Editor's Choice
SMART Security Solutions speaks to Technoswitch’s Managing Director, Brett Birch, to learn more about the company and how it serves the fire safety market in South and sub-Saharan Africa.

Read more...
Creating safer schools across southern Africa
Technews Publishing Editor's Choice
The My Safe Space initiative, conceptualised and steered by James Dalton and a number of partners, aims to addresses bullying in schools and help keep people safe when dropping off or collecting children from school.

Read more...